This project has moved. For the latest updates, please go here.

Time change security problem.

Topics: Help & Support
Dec 10, 2013 at 1:08 PM
Hi all! I have a problem with security, when user change DateTime in is computer! If User change date back, license is still working? How can i resolve this problem
Coordinator
Dec 12, 2013 at 9:43 PM
Edited Dec 12, 2013 at 9:43 PM
Dear Olegmukutyuk,

Thank you for your message! There are two solutions to this problem.
The one I would use would require internet access, i.e. the application would need to get server time and compare it to the local time. If they are equal --> continue validation. If not -->stop.
using System;
using System.Collections.Generic;

using System.Linq;
using System.Text;

namespace DateControl
{
    class Program
    {
        static void Main(string[] args)
        {
            if( GetNetworkTime().ToShortDateString() == DateTime.Now.ToShortDateString())
            {
                // continue validation after this
                Console.WriteLine("Time has not changed!");
            }
            else
            {
                // the date was altered. stop validation.
                Console.WriteLine("The date has changed.");
            }

            Console.ReadLine();

        }

        public static DateTime GetNetworkTime()
        {
            //From: http://stackoverflow.com/questions/1193955/how-to-query-an-ntp-server-using-c
            //By: @Nasreddine

            //default Windows time server
            const string ntpServer = "time.windows.com";

            // NTP message size - 16 bytes of the digest (RFC 2030)
            var ntpData = new byte[48];

            //Setting the Leap Indicator, Version Number and Mode values
            ntpData[0] = 0x1B; //LI = 0 (no warning), VN = 3 (IPv4 only), Mode = 3 (Client Mode)

            var addresses = System.Net.Dns.GetHostEntry(ntpServer).AddressList;

            //The UDP port number assigned to NTP is 123
            var ipEndPoint = new System.Net.IPEndPoint(addresses[0], 123);
            //NTP uses UDP
            var socket = new System.Net.Sockets.Socket(System.Net.Sockets.AddressFamily.InterNetwork, System.Net.Sockets.SocketType.Dgram, System.Net.Sockets.ProtocolType.Udp);

            socket.Connect(ipEndPoint);

            //Stops code hang if NTP is blocked
            socket.ReceiveTimeout = 3000;

            socket.Send(ntpData);
            socket.Receive(ntpData);
            socket.Close();

            //Offset to get to the "Transmit Timestamp" field (time at which the reply 
            //departed the server for the client, in 64-bit timestamp format."
            const byte serverReplyTime = 40;

            //Get the seconds part
            ulong intPart = BitConverter.ToUInt32(ntpData, serverReplyTime);

            //Get the seconds fraction
            ulong fractPart = BitConverter.ToUInt32(ntpData, serverReplyTime + 4);

            //Convert From big-endian to little-endian
            intPart = SwapEndianness(intPart);
            fractPart = SwapEndianness(fractPart);

            var milliseconds = (intPart * 1000) + ((fractPart * 1000) / 0x100000000L);

            //**UTC** time
            var networkDateTime = (new DateTime(1900, 1, 1, 0, 0, 0, DateTimeKind.Utc)).AddMilliseconds((long)milliseconds);

            return networkDateTime.ToLocalTime();
        }

        // stackoverflow.com/a/3294698/162671
        static uint SwapEndianness(ulong x)
        {
            return (uint)(((x & 0x000000ff) << 24) +
                           ((x & 0x0000ff00) << 8) +
                           ((x & 0x00ff0000) >> 8) +
                           ((x & 0xff000000) >> 24));
        }

    }

}
In case you do not want the application to access internet, you could at least restrict the usage to the specified time period, i.e. the key can only be used within the time frame chosen. For this, please see https://skgl.codeplex.com/documentation#security.

Please feel free to ask other questions!
/Artem